In a recent podcast interview with Hillarie McClure, Multimedia Director of Cybercrime Magazine, Robert E. Johnson III, Cimcor CEO/President, discusses how system integrity assurance elevates your approach to file integrity monitoring. The podcast can be listened to in its entirety below.
Welcome to The Data Security Podcast sponsored by Cimcor. Cimcor develops innovative, next-generation file integrity monitoring software. The CimTrak Integrity Suite monitors and protects a wide range of physical, network, cloud, and virtual IT assets in real-time while providing detailed forensic information about all changes. Securing your infrastructure with CimTrak helps you get compliant and stay that way. You can find out more about Cimcor and CimTrak on the web at cimcor.com/cimtrak.
Q: Joining us today is President and CEO, Robert E. Johnson III. Robert has been a pioneer in the development of next-gen system integrity monitoring, self-healing systems, and cybersecurity software.
Robert, welcome back. Great to be speaking with you again.
A: Great to see you again, Hillarie. I appreciate you inviting me back to your show.
Q: Yeah, of course. And last time we talked about file integrity monitoring and Zero Trust, and this time we're going to talk about system integrity assurance. We've talked about this a little bit already in the past, and actually, in the last episode, you mentioned it. But we really just only scratched the surface. So I guess, Robert, what exactly is system integrity assurance, and why does it matter? I'd love for you to take us through that.
A: System integrity assurance is a giant leap beyond the classical concept that many of your audience members are familiar with and that's file integrity monitoring. Now, file integrity monitoring is the process of monitoring files for changes. Classic file integrity monitoring though has two major flaws. One, it's very noisy because it reports on all file changes, and those changes may be good, some of them may be bad. It's just the fire hose of all changes. And the other major flaw is that it only monitors files, and that's quite restrictive, because, as you know, modern systems have a lot of data in places that may not cleanly fit into files. In fact, there are many types of critical data outside of files that you have to track in order to really understand and ensure the integrity of your systems.
Some examples could include the Windows Registry, database schemas, or what about users in your Active Directory and their privilege levels? Or network device configurations? What about the configuration for your Cisco Router or firewall? Docker configurations, the configuration of your VMware ESXI host and so much more. There are lots of things in our infrastructure, Hillarie that don't cleanly fit into files, but yet are critical to understand if they change, and understand and measure the integrity of those sets of data. So system integrity assurance goes far beyond files, and it sheds that entire myopic view, actually myopic file-based view of the world so that they can monitor a variety of data sources.
Q: Based on what you just shared, that sounds very important and integral. But why don't why aren't people, perhaps you know, using system integrity assurance. So what's perhaps holding them back?
A: Right, well, we think more and more folks are using system integrity assurance tools, and Gartner's been kind of pointing out that particular space, and also how it contributes to cloud workload protection platforms. But I think for many people, they just don't realize how advanced system integrity assurance tools have actually become. For instance, I've mentioned that noise was a big problem for classical integrity monitoring tools because it reported on all change without context. In contrast, modern system integrity assurance tools can leverage a variety of mechanisms to filter out any noise so that you can focus just on the changes that actually matter, those changes that you may need to take action on. So a huge difference because now, your pinpoint, what's most important in that context did not exist back with the old classic file integrity monitoring tools.
Q: Okay, that answers my question, perfect. From there, how can an organization begin implementing system integrity assurance then?
A: Sure. Implementing system integrity assurance throughout your enterprise is much easier than most people can imagine. At Cimcor, we've created the most powerful system. Actually, we've created the most powerful system integrity assurance platform that can be deployed across hundreds of systems in just a few hours. That's completely unheard of with classic file integrity monitoring. Furthermore, Cimcor's system integrity assurance platform, which is called the CimTrak Integrity Suite, supports a wide variety of operating systems. For instance, Windows, Linux, Solaris, macOSX, HPOX, databases such as Oracle, Microsoft SQL server, container technology, such as docker and Kubernetes, network devices, a variety of network devices, actually, such as Cisco, Juniper, Fortinet, and the list just goes on. You can begin implementing system integrity and assurance very quickly and you could even get started today. A great starting point, simply go to our website at www.cimcor.com and that's spelled C as in cat, I, M, C, O, R.com. and you can sign up to try it within your own organization. I mean, we can't wait to actually hear from some of your audience members and share with them how simple we've made this entire process.
Q: Robert, as always, thank you so much for joining me and I'm looking forward to our next episode together.
A: Same here, Hillarie, I appreciate the opportunity and I'm looking forward to speaking with you again.
December 27, 2022